<?php

class Tri_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    const RESOURCE_SEPARATOR = "+";
    
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {        
        $acl      = Zend_Registry::get('acl');
        $identity = Zend_Auth::getInstance()->getIdentity();

        $resource  = strtolower($request->getModuleName());
        $privilege = strtolower($request->getControllerName()
                   . self::RESOURCE_SEPARATOR
                   . $request->getActionName());
        
        $role = 'all';
        if (isset($identity->role)) {
            $role = $identity->role;
            if (!$acl->isAllowed($role, $resource, $privilege)) {
                $request->setModuleName('default')
                        ->setControllerName('error')
                        ->setActionName('access');
            }
        }
        else {
            $request->setModuleName('default')
                    ->setControllerName('usuarios')
                    ->setActionName('login');
        }

    }
}